<?php 
if(isset($_POST['btn_signin'])){
	if(!empty($_POST['username']) && !empty($_POST['password'])){
		$result = mysql_query("SELECT `loginid` FROM `login` WHERE `username` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string($_POST['password'])."'");
		if(mysql_num_rows($result)==1){
			/* Login Success */
			$user = mysql_fetch_assoc($result);
			$_SESSION['loginid'] = $user['loginid'];
			$_SESSION['username'] = $_POST['username'];
			echo '<div class="success">Login Success<br><a href="index.php?act=admin"><em>Click Here to refresh this page</em></a></div>';
		}
		else {
			echo '<div class="failed">Login Failed</div>';
		}
	}
	else echo '<div class="failed">One of the fields is empty.</div>';
}

?>

<form action="" method="post" enctype="multipart/form-data">
<div align="center">
<table width="300" border="0" align="center">
  <tr>
    <td colspan="2"><strong>Login</strong></td>
  </tr>
  <tr>
    <td><label for="username">Username</label></td>
    <td><label for="username"></label>
      <input type="text" name="username" id="username"></td>
  </tr>
  <tr>
    <td><label for="password">Password</label></td>
    <td><input type="password" name="password" id="password"></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><button type="submit" name="btn_signin">Sign In</button></td>
  </tr>
</table>
</div>
</form>
<?php
